Enable Network Protection Via Group Policy [Windows 11/10]

If you want to harden your system against malicious websites, phishing attacks, and command-and-control connections, enabling Network Protection is one of the smartest moves you can make on a Windows machine. Built into Microsoft Defender Antivirus, this feature goes beyond traditional file-based protection and actively blocks outbound connections to dangerous domains and IP addresses.

For IT admins and power users, the most reliable way to enforce this setting across systems is through Group Policy. This method ensures consistency, prevents users from disabling the protection, and allows centralized management in enterprise or advanced home lab setups.

In this guide, you’ll learn exactly how to enable Network Protection via Group Policy on Windows 11 and Windows 10.

Enable Network Protection Via Group Policy [Windows 11/10]

Network Protection is part of Microsoft Defender Exploit Guard, and it works by analyzing outbound network traffic in real time. If a connection is identified as unsafe, such as a known phishing domain or malware command server, it gets blocked instantly.

This feature uses Microsoft’s cloud-based intelligence to stay updated with the latest threats. When configured via Group Policy, it operates at a system level, meaning users cannot easily bypass it.

One important thing to note is that this feature requires Microsoft Defender Antivirus to be active and real-time protection to be enabled. It also works best when cloud-delivered protection is turned on.

Here is a quick overview of the steps to enable the Network protection via Group Policy:

To enable Network Protection using Group Policy in Windows 11 or Windows 10, open the Local Group Policy Editor, navigate to Computer Configuration, Administrative Templates, Windows Components, Microsoft Defender Antivirus, and then Microsoft Defender Exploit Guard. Open the Network Protection policy, set it to Enabled, and choose Block mode. Apply the changes and restart your system to activate protection.

Now let’s walk through the full process step by step.

Step 1: Open the Local Group Policy Editor

The first step is accessing the Local Group Policy Editor, which is the control center for advanced Windows configurations.

To open it, press the Windows key and R together to bring up the Run dialog box. Type gpedit.msc and press Enter. This will launch the Group Policy Editor window.

If nothing happens or you get an error, it usually means you are running Windows Home Edition, which does not include Group Policy Editor by default. In that case, you would need to either enable it manually or use an alternative method such as PowerShell.

Once the editor is open, you’ll see a structured layout with two main sections: Computer Configuration and User Configuration. For Network Protection, everything is configured under Computer Configuration since it applies system-wide.

Step 2: Navigate to Microsoft Defender Exploit Guard Settings

After opening the Group Policy Editor, you need to drill down into the exact location where the Network Protection policy lives.

Start by expanding Computer Configuration, then Administrative Templates, then Windows Components. Scroll down until you find Microsoft Defender Antivirus and expand it.

Inside that folder, look for Microsoft Defender Exploit Guard and expand it as well. You will now see a folder labeled Network Protection.

Click on Network Protection, and in the right pane, you will see the available policies related to this feature.

This is where the main configuration happens, so make sure you’re in the correct path before proceeding.

Step 3: Open the Network Protection Policy Setting

In the right pane, locate the policy named Prevent users and apps from accessing dangerous websites.

Double-click on this policy to open its configuration window. This is the core setting that controls whether Network Protection is active or not.

By default, this policy is set to Not Configured, which means the system is not enforcing any specific behavior through Group Policy.

When you open it, you will see three main options: Not Configured, Enabled, and Disabled. To activate Network Protection, you need to select Enabled.

Once you choose Enabled, additional options will appear that let you define how the protection behaves.

Step 4: Configure Network Protection Mode

After enabling the policy, you will see a dropdown menu that allows you to select the Network Protection mode.

There are typically three modes available: Disable, Audit Mode, and Block Mode.

Disable means the feature is turned off completely. Audit Mode allows the system to log potentially harmful connections without actually blocking them. Block Mode is the most secure option, as it actively prevents connections to malicious domains.

For most users and environments, choosing Block Mode is the best approach because it provides real-time protection against threats.

However, if you’re testing or deploying in a sensitive environment where false positives might be a concern, starting with Audit Mode can help you evaluate the impact before enforcing blocking.

Select Block Mode from the dropdown to ensure full protection.

Step 5: Apply the Policy and Save Changes

Once you’ve configured the policy settings, click Apply and then OK to save your changes.

At this point, the policy is set, but it may not take effect immediately depending on your system configuration.

Group Policy changes usually apply during the next system refresh cycle, but you can force the update manually to speed things up.

Step 6: Force Group Policy Update

To apply the changes right away, open Command Prompt as an administrator.

Type the command gpupdate /force and press Enter. This will refresh all Group Policy settings on your system.

You should see a message confirming that both user and computer policies have been updated successfully.

In some cases, you might be prompted to restart your system. If that happens, go ahead and reboot to ensure everything is applied correctly.

Step 7: Verify Network Protection Status

After applying the policy, it’s a good idea to verify that Network Protection is actually active.

You can do this using Windows Security.

Open the Windows Security app, go to App and browser control, and then look for Exploit protection settings or related indicators. While Network Protection itself may not always be directly visible here, its behavior will reflect in system logs and protection actions.

For a more technical verification, you can use PowerShell and check the status using the command Get-MpPreference.

Look for the setting related to EnableNetworkProtection. If it shows a value indicating block mode, your configuration is successful.

FAQs

What is Network Protection in Microsoft Defender?

Network Protection is a security feature that blocks outbound connections to malicious or suspicious domains. It helps prevent phishing attacks, malware communication, and data exfiltration attempts.

Does Network Protection work on all browsers?

Yes, it works at the network level, so it is not limited to a specific browser. It protects traffic across most applications, including browsers and background processes.

Is Group Policy required to enable Network Protection?

No, you can also enable it using PowerShell. However, Group Policy is preferred in managed environments because it enforces the setting and prevents user tampering.

What is the difference between Audit Mode and Block Mode?

Audit Mode logs potentially harmful connections without blocking them, whereas Block Mode actively prevents them. Audit Mode is useful for testing before enforcement.

Does this feature impact system performance?

In most cases, the impact is minimal. Since it relies on cloud intelligence and optimized filtering, it runs efficiently in the background.

Is Network Protection available on Windows Home?

Not officially through Group Policy. Some functionality may be enabled via PowerShell, but full management features are more limited than in the Pro and Enterprise editions.